Zypento Blocks WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Zypento Blocks plugin for WordPress, affecting all versions through 1.0.6. The issue arises in the Table of Contents block, where the front-end rendering script improperly handles heading text. It reads the text using 'innerText' and injects it into the page with 'innerHTML' without adequate sanitization. This flaw allows authenticated attackers with Author-level access and above to insert arbitrary web scripts into pages, which are executed when a user views the injected content.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can insert a Table of Contents block into a post or page. The block will automatically generate a table of contents based on the headings in the content. Because the plugin's script does not properly sanitize heading text before displaying it, the user can inject malicious scripts that will be executed when the page is viewed.